Next-Gen CASB Blog

Insider Threats, Machine Learning, and the Next-Gen CASB

Oneof the biggest dangers to application security is that of the insider threat.This ranges from userswho unknowinglyexposecredentials and sensitive datato external parties,to disgruntled employeeswho act againstthe company's interests. These threats aredifficult to prevent with common security configurationsandarebig reasonswhyuserand entitybehavioranalytics (UEBA)issuch a common buzzword within the security industry.

It is absolutely critical for any security company to provide protection not only from outside attackers, but from internal dangers, as well. This can be done through a manualprocesswith administrators who review users' activities and spotsuspicious behaviors. However, this requires extensive human resources and is not scalable for companies of any size in the long term.

Theinsider-threatproblem requires somethingautomated that can baseline and analyze users'behaviorsin order to identify suspiciousactivities.This is where machine learningcomes into play. It canidentify malicious or illicit behaviors in real time; for example,if auser suddenly downloads unusuallylarge amounts of dataorlogs in and gains access to data outside ofnormalworking hours.

Only cloud access security brokers (CASBs)complete with machine learningcan defend against internal threats. They can baseline and analyze userbehavioracross all applications,generatereal-time alerts,andtake automated, corrective actions.While many cloud apps and service providers offer their own security features,theyare often limited bythe fact that they cannotidentify suspicious activity across different applications. However, with a CASB,admins gain total cross-appvisibility andcontrol.This can help identify suspicious activity such as a user logging in to different applicationsfrom California and Portugalwithin an impossiblyshort window of time.

Bitglass'next-gen capabilitiesprovide comprehensiveprotectionacross all applications. Through machine learning and advanced analytics,admins can restassured thatthey are protected from unseen internal threats.